Expert Advice Community

Guest

General Data Processor Agreement

  Quote
Guest
Jeff Theobald Created:   Apr 19, 2018 Last commented:   Apr 21, 2018

General Data Processor Agreement

One of our customers which we deliver services to want us to sign their Data Processor Agreement. However the scope of this agreement list a lot more personal data types than we process. The scope seems to be general (exhaustive list) so they can use the same scope for all suppliers instead of describing the scope of the explicit Data Processing we will do. Is this acceptable according to EU GDPR?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Apr 21, 2018
The Data Processing Agreement should be in accordance with the requirements of EU GDPR art. 28(3) “Processor” https://advisera.com/eugdpracademy/gdpr/processor/ states among others that the Data Processing Agreement must contain a description of:
- scope, nature and purpose of processing;
- duration of the processing; and
- types of personal data and categories of data subjects.

So, as you can see it must refer to the data which is actually processed.

To find out about the duties of the processors you can check out our article “EU GDPR controller vs. processor – What are the differences?” https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 19, 2018

Apr 21, 2018

Suggested Topics

Guest user Created:   Jul 04, 2022 EU GDPR
Replies: 1
0 0

GDPR intermediary

Guest user Created:   Jun 30, 2022 EU GDPR
Replies: 1
0 0

Laboratory space

Guest user Created:   Jun 22, 2022 EU GDPR
Replies: 1
0 0

Doubts about ODPR or GDPR